Overview
Discover how to bypass Windows authentication and defeat full disk encryption in this 26-minute Black Hat conference talk. Learn about Microsoft BitLocker, its use of Trusted Platform Modules (TPM) for storing encryption keys, and how transparent BitLocker operates. Explore the vulnerabilities in Windows domain authentication and password reset processes that allow circumvention of BitLocker protection. Gain insights into why this attack works and its implications for data security. Understand the potential risks to enterprise data loss prevention strategies relying on full disk encryption without additional safeguards.
Syllabus
Bypassing Local Windows Authentication to Defeat Full Disk Encryption
Microsoft BitLocker
Storing Secrets on a TPM
Transparent BitLocker
Windows Domain Authentication
Password Reset
Reflections: Why Does This Work? • The protocol for password changes was
Black Hat Sound Bytes
Taught by
Black Hat